From c99fb9add05357a356e224c8bf2b0442fe588d46 Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 31 May 2023 19:41:59 +0530 Subject: [PATCH 01/22] Added chartmuseum support --- README.md | 16 +++++++++++++--- common.sh | 8 ++++++++ main.sh | 8 +++++++- 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 02ff481..5932057 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,8 @@ _Note this action is written to specifically work with Helm repos in Artifactory `action` - `[package, test, publish]` - `package` - Involves helm client only and does dependency build, lint and package chart -- `publish` - Uses helm artifactory plugin to uploads the chart +- `publish-artifactory` - Uses helm artifactory plugin to uploads the chart +- `publish-chartmuseum` - Uses helm cm plugin to uploads the chart - `publish-gar` - Uses helm (helm 3.8 or greater), to push on Google Artifactory Registry using OCI ## Required Environment variables @@ -101,16 +102,25 @@ jobs: ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_HELM_USERNAME }} ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_HELM_PASSWORD }} - - name: "Helm publish" + - name: "Helm publish artifactory" uses: draios/action-helm-tools@v1.1.0 with: - action: "publish" + action: "publish-artifactory" env: CHART_DIR: resources/helm/sdcadminoper ARTIFACTORY_URL: https://artifactory.internal.sysdig.com:443/artifactory/helm-local/ ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_HELM_USERNAME }} ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_HELM_PASSWORD }} + - name: "Helm publish artifactory" + uses: draios/action-helm-tools@v1.1.0 + with: + action: "publish-chartmuseum" + env: + CHART_DIR: resources/helm/sdcadminoper + ARTIFACTORY_URL: https://artifactory.internal.sysdig.com:443/artifactory/helm-local/ + ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_HELM_USERNAME }} + ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_HELM_PASSWORD }} ``` ## Another example for GAR 
diff --git a/common.sh b/common.sh index 3cbbf25..3de03c6 100755 --- a/common.sh +++ b/common.sh @@ -70,8 +70,16 @@ install_artifactory_plugin(){ fi } +install_cmpush_plugin(){ + print_title "Install helm cm-push plugin" + if ! (helm plugin list | grep -q cm-push); then + helm plugin install https://github.com/chartmuseum/helm-push --version ${HELM_ARTIFACTORY_PLUGIN_VERSION} + fi +} + remove_helm(){ helm plugin uninstall push-artifactory + helm plugin uninstall cm-push sudo rm -rf /usr/local/bin/helm } diff --git a/main.sh b/main.sh index 1921a1a..3d46469 100755 --- a/main.sh +++ b/main.sh @@ -12,6 +12,7 @@ source "$SCRIPT_DIR/common.sh" install_helm install_artifactory_plugin +install_cmpush_plugin get_chart_version case "${ACTION}" in @@ -30,10 +31,15 @@ case "${ACTION}" in print_title "Helm package" helm package "${CHART_DIR}" --version v"${CHART_VERSION}" --app-version "${CHART_VERSION}" --destination "${RUNNER_WORKSPACE}" ;; - "publish") + "publish-artifactory") print_title "Push chart" helm push-artifactory "${CHART_DIR}" "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" --version "${CHART_VERSION}" ;; + "publish-chartmuseum") + print_title "Push chart" + helm repo add amagi-charts "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" --version "${CHART_VERSION}" + helm cm-push "${CHART_DIR}" amagi-charts + ;; "publish-gar") print_title "Push chart on OCI registry" check_helm_version_gte_3_8 From 1debf941569433ba73cf2d0b0f101ffe4385976d Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 31 May 2023 19:45:06 +0530 Subject: [PATCH 02/22] update README --- README.md | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 5932057..fbac9a9 100644 --- a/README.md +++ b/README.md 
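Review bot: `install_cmpush_plugin` takes its version from `${HELM_ARTIFACTORY_PLUGIN_VERSION}`, so whatever tag is pinned for the Artifactory plugin also selects the helm-push release, and the expansion is unquoted. A dedicated, quoted variable keeps the two pins independent: `helm plugin install https://github.com/chartmuseum/helm-push --version "${HELM_CHARTMUSEUM_PLUGIN_VERSION}"`. The plugin is fetched by tag from GitHub on every run; if the release is meant to be immutable, a comment saying which version was reviewed would help the next maintainer.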
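Review bot: In the new `publish-chartmuseum` branch the repository password is passed as `--password "${ARTIFACTORY_PASSWORD}"`, which puts the secret on the `helm repo add` command line where it is visible in the process list and in any shell trace (the README documents a `DEBUG` switch). Where the installed Helm provides it for `repo add`, prefer reading the secret from standard input, for example `printf '%s' "${ARTIFACTORY_PASSWORD}" | helm repo add amagi-charts "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password-stdin`; the default `HELM_VERSION` in this series is 3.5.1, so confirm the flag exists there first. The same line is carried through the `main.sh` hunks of patches 04 and 07. The `case` statement starts and ends outside this hunk.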
@@ -93,7 +93,7 @@ jobs: # run: - name: "Helm publish" - uses: draios/action-helm-tools@v1.1.0 + uses: rarchk/action-helm-tools@v1.1.0 with: action: "package" env: @@ -103,7 +103,7 @@ jobs: ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_HELM_PASSWORD }} - name: "Helm publish artifactory" - uses: draios/action-helm-tools@v1.1.0 + uses: rarchk/action-helm-tools@v1.1.0 with: action: "publish-artifactory" env: @@ -112,15 +112,6 @@ jobs: ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_HELM_USERNAME }} ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_HELM_PASSWORD }} - - name: "Helm publish artifactory" - uses: draios/action-helm-tools@v1.1.0 - with: - action: "publish-chartmuseum" - env: - CHART_DIR: resources/helm/sdcadminoper - ARTIFACTORY_URL: https://artifactory.internal.sysdig.com:443/artifactory/helm-local/ - ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_HELM_USERNAME }} - ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_HELM_PASSWORD }} ``` ## Another example for GAR @@ -135,7 +126,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: "Helm Publish on GAR" - uses: draios/action-helm-tools@v1.2.0 + uses: rarchk/action-helm-tools@v1.2.0 with: action: "publish-gar" env: @@ -150,3 +141,23 @@ jobs: GAR_JSON_KEY: "${{ secrets.GAR_DEV_RW_JSON_KEY }}" CHART_PREFIX: "YOUR_PREFIX" ``` +## Addon for chart-museum +```yaml +name: Helm lint, test, package and publish +on: pull_request + +jobs: + helm-suite: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: "Helm publish artifactory" + uses: rarchk/action-helm-tools@v1.1.0 + with: + action: "publish-chartmuseum" + env: + CHART_DIR: resources/helm/sdcadminoper + ARTIFACTORY_URL: https://artifactory.internal.sysdig.com:443/artifactory/helm-local/ + ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_HELM_USERNAME }} + ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_HELM_PASSWORD }} +``` \ No newline at end of file From 9560a6fc231efa2e6ecc759cc361005cd7a3dcca Mon Sep 17 00:00:00 2001 
From: rarchk Date: Wed, 31 May 2023 20:10:08 +0530 Subject: [PATCH 03/22] updated github release version --- README.md | 1 + common.sh | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fbac9a9..5f18dfb 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,7 @@ CHART_PREFIX: "YOURPREFIX" HELM_VERSION: # Override helm version. Default "3.5.1" KUBECTL_VERSION: # Override kubectl version. Default "1.21.0" HELM_ARTIFACTORY_PLUGIN_VERSION: # Override helm artifactory plugin version. Default "v1.0.2" +HELM_CHARTMUSEUM_PLUGIN_VERSION: # Override helm chartmuseum plugin version. Default "0.10.3" CHART_VERSION: # If defined, override version in Chart.yaml file. Default is unset DEBUG: # If defined will set debug in shell script. ``` diff --git a/common.sh b/common.sh index 3de03c6..fe24ae3 100755 --- a/common.sh +++ b/common.sh @@ -4,6 +4,7 @@ set -eo pipefail export HELM_VERSION=${HELM_VERSION:="3.5.1"} export KUBECTL_VERSION=${KUBECTL_VERSION:="1.21.0"} export HELM_ARTIFACTORY_PLUGIN_VERSION=${HELM_ARTIFACTORY_PLUGIN_VERSION:="v1.0.2"} +export HELM_CHARTMUSEUM_PLUGIN_VERSION=${HELM_CHARTMUSEUM_PLUGIN_VERSION:="0.10.3"} export CHART_VERSION=${CHART_VERSION:=""} export CHART_APP_VERSION=${CHART_APP_VERSION:=""} @@ -73,7 +74,7 @@ install_artifactory_plugin(){ install_cmpush_plugin(){ print_title "Install helm cm-push plugin" if ! (helm plugin list | grep -q cm-push); then - helm plugin install https://github.com/chartmuseum/helm-push --version ${HELM_ARTIFACTORY_PLUGIN_VERSION} + helm plugin install https://github.com/chartmuseum/helm-push --version ${HELM_CHARTMUSEUM_PLUGIN_VERSION} fi } From 34d6a1d88cd91e1d32f0af8e072be53c4d0cd1ff Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 31 May 2023 20:16:29 +0530 Subject: [PATCH 04/22] updated github release version --- main.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.sh b/main.sh index 3d46469..e256e4d 100755 --- a/main.sh +++ b/main.sh 
@@ -32,12 +32,12 @@ case "${ACTION}" in helm package "${CHART_DIR}" --version v"${CHART_VERSION}" --app-version "${CHART_VERSION}" --destination "${RUNNER_WORKSPACE}" ;; "publish-artifactory") - print_title "Push chart" + print_title "Push chart to artifactory" helm push-artifactory "${CHART_DIR}" "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" --version "${CHART_VERSION}" ;; "publish-chartmuseum") - print_title "Push chart" - helm repo add amagi-charts "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" --version "${CHART_VERSION}" + print_title "Push chart to chartmuseum" + helm repo add amagi-charts "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" helm cm-push "${CHART_DIR}" amagi-charts ;; "publish-gar") From afeb6388e8287202d7758cdcd6819a83809ca2eb Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 31 May 2023 20:31:04 +0530 Subject: [PATCH 05/22] upload an existing chart --- main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.sh b/main.sh index e256e4d..0b7de02 100755 --- a/main.sh +++ b/main.sh @@ -38,7 +38,7 @@ case "${ACTION}" in "publish-chartmuseum") print_title "Push chart to chartmuseum" helm repo add amagi-charts "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" - helm cm-push "${CHART_DIR}" amagi-charts + helm cm-push "${CHART_DIR}" amagi-charts | true ;; "publish-gar") print_title "Push chart on OCI registry" From a08756ab756789075bcb6b5255ae36e001f3563f Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 31 May 2023 20:50:07 +0530 Subject: [PATCH 06/22] update chart version --- main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.sh b/main.sh index 0b7de02..8c3c039 100755 --- a/main.sh +++ b/main.sh 
@@ -38,7 +38,7 @@ case "${ACTION}" in "publish-chartmuseum") print_title "Push chart to chartmuseum" helm repo add amagi-charts "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" - helm cm-push "${CHART_DIR}" amagi-charts | true + helm cm-push "${CHART_DIR}" amagi-charts || true ;; "publish-gar") print_title "Push chart on OCI registry" From 3c4ca0bbfd6fd70dd5cc6520298d4c28581e744d Mon Sep 17 00:00:00 2001 From: rarchk Date: Tue, 24 Oct 2023 08:33:13 +0530 Subject: [PATCH 07/22] diff based workflow committed --- README.md | 8 ++++++-- common.sh | 18 ++++++++++++++++++ main.sh | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 73 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5f18dfb..d9815e2 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ _Note this action is written to specifically work with Helm repos in Artifactory `action` - `[package, test, publish]` +- `pre-commit` - Runs pre-commit checks on helm including linting, validation, tests, diff - `package` - Involves helm client only and does dependency build, lint and package chart - `publish-artifactory` - Uses helm artifactory plugin to uploads the chart - `publish-chartmuseum` - Uses helm cm plugin to uploads the chart @@ -61,6 +62,8 @@ GAR_JSON_KEY: "${{ secrets.GAR_DEV_RW_JSON_KEY }}" # The chart prefix is used to distinguish from app container # images with the same name pushed on GAR. CHART_PREFIX: "YOURPREFIX" +UPSTREAM_BRANCH: "main" +CURRENT_BRANCH: "Add your current branch" ``` ## Optional Environment variables @@ -93,6 +96,7 @@ jobs: # - name: myOtherJob1 # run: + - name: "Helm publish" uses: rarchk/action-helm-tools@v1.1.0 with: @@ -151,7 +155,7 @@ jobs: helm-suite: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: "Helm publish artifactory" uses: rarchk/action-helm-tools@v1.1.0 with: 
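Review bot: `helm cm-push "${CHART_DIR}" amagi-charts || true` in the `publish-chartmuseum` branch hides every failure, not only the "chart version already exists" case the commit title points at. Rejected credentials, an unreachable repository or a TLS error would all leave the job green with nothing published. Capture the exit status and output of the push, tolerate only the duplicate-version response, and fail otherwise. At minimum, add a comment on the line such as `# '|| true' also hides auth and network failures; check the repo after publishing`. The previous patch's `| true` had the opposite problem: under the `set -eo pipefail` set in common.sh it did not suppress the failure at all.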
@@ -161,4 +165,4 @@ jobs: ARTIFACTORY_URL: https://artifactory.internal.sysdig.com:443/artifactory/helm-local/ ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_HELM_USERNAME }} ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_HELM_PASSWORD }} -``` \ No newline at end of file +``` diff --git a/common.sh b/common.sh index fe24ae3..30e20a2 100755 --- a/common.sh +++ b/common.sh @@ -7,6 +7,7 @@ export HELM_ARTIFACTORY_PLUGIN_VERSION=${HELM_ARTIFACTORY_PLUGIN_VERSION:="v1.0. export HELM_CHARTMUSEUM_PLUGIN_VERSION=${HELM_CHARTMUSEUM_PLUGIN_VERSION:="0.10.3"} export CHART_VERSION=${CHART_VERSION:=""} export CHART_APP_VERSION=${CHART_APP_VERSION:=""} +export DYFF_VERSION=${DYFF_VERSION:="1.6.0"} export GCLOUD_PROJECT_CHECK=${GCLOUD_PROJECT_CHECK:="true"} @@ -95,3 +96,20 @@ check_helm_version_gte_3_8(){ exit 1 fi } + +install_dyff() { + if ! command -v dyff; then + echo "dyff is missing" + get_dyff + elif ! [[ $(dyff version) == *${DYFF_VERSION}* ]]; then + echo "dyfff $(dyff version) is not desired version" + get_dyff + fi +} + +get_dyff() { + print_title "Get dyff:${DYFF_VERSION}" + curl -L "https://github.com/homeport/dyff/releases/download/v${DYFF_VERSION}/dyff_${DYFF_VERSION}_linux_amd64.tar.gz" | tar xvz + chmod +x dyff + sudo mv dyff /usr/local/bin/dyff +} diff --git a/main.sh b/main.sh index 8c3c039..bab62bc 100755 --- a/main.sh +++ b/main.sh 
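Review bot: `get_dyff` pipes a release archive from `curl -L` straight into `tar` and then installs the extracted binary into `/usr/local/bin` with `sudo`, with no integrity check. A tampered or truncated download, or an HTTP error page, would go undetected, because `curl` is called without `-f`. Download to a temporary file, fail on HTTP errors, verify a pinned SHA-256 for the chosen `DYFF_VERSION`, and only then extract and install. In `install_dyff`, the message `dyfff $(dyff version) is not desired version` has a typo in the tool name, and `command -v dyff` prints the path to the job log unless redirected.

```shell
get_dyff() {
    print_title "Get dyff:${DYFF_VERSION}"
    local archive
    archive="$(mktemp)"
    curl -fsSL -o "${archive}" "https://github.com/homeport/dyff/releases/download/v${DYFF_VERSION}/dyff_${DYFF_VERSION}_linux_amd64.tar.gz"
    # DYFF_SHA256 is a placeholder: pin the digest of the archive for DYFF_VERSION
    echo "${DYFF_SHA256}  ${archive}" | sha256sum --check --status
    tar -xzf "${archive}" dyff
    sudo install -m 0755 dyff /usr/local/bin/dyff
    rm -f "${archive}"
}
```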
@@ -14,8 +14,55 @@ install_helm install_artifactory_plugin install_cmpush_plugin get_chart_version +install_dyff case "${ACTION}" in + "pre-commit") + print_title "Helm dependency build" + helm dependency build "${CHART_DIR}" + + print_title "Linting" + if [[ -f "${CHART_DIR}/linter_values.yaml" ]]; then + # allow for the same yaml layout that is used by gruntwork-io/pre-commit helmlint.sh + helm lint -f "${CHART_DIR}/values.yaml" -f "${CHART_DIR}/linter_values.yaml" "${CHART_DIR}" + else + helm lint "${CHART_DIR}" + fi + + print_title "Helm diff" + # checkout upstream + git checkout -b upstream_branch origin/"${UPSTREAM_BRANCH}" + helm template "${CHART_DIR}" > /tmp/upstream_values.yaml + + # checkout current + git checkout -b current_branch origin/"${CURRENT_BRANCH}" + helm template "${CHART_DIR}" > /tmp/current_values.yaml + + # Compute diff between two releases + set +e + OUTPUT=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) + if [ $? -ge 2 ]; then + diff /tmp/upstream_values.yaml /tmp/current_values.yaml + fi + SUCCESS=$? + echo "$OUTPUT" + set -e + + # COMMENT STRUCTURE + COMMENT="#### \`helm diff \` Output +
+ Details + \`\`\` + $OUTPUT + \`\`\` +
" + + PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body') + COMMENTS_URL=$(cat /github/workflow/event.json | jq -r .pull_request.comments_url) + echo "Commenting on PR $COMMENTS_URL" + curl -s -S -H "Authorization: token $GITHUB_TOKEN" --header "Content-Type: application/json" --data "$PAYLOAD" "$COMMENTS_URL" + exit $SUCCESS + ;; "package") print_title "Helm dependency build" helm dependency build "${CHART_DIR}" @@ -37,8 +84,8 @@ case "${ACTION}" in ;; "publish-chartmuseum") print_title "Push chart to chartmuseum" - helm repo add amagi-charts "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" - helm cm-push "${CHART_DIR}" amagi-charts || true + helm repo add amagi-charts "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" + helm cm-push "${CHART_DIR}" amagi-charts || true ;; "publish-gar") print_title "Push chart on OCI registry" From f9cb843c1e774b6a2b0abe3cf86f47cc6dd8fd72 Mon Sep 17 00:00:00 2001 From: rarchk Date: Tue, 24 Oct 2023 15:49:41 +0530 Subject: [PATCH 08/22] adding debug statements. --- main.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/main.sh b/main.sh index bab62bc..19ad99d 100755 --- a/main.sh +++ b/main.sh @@ -30,11 +30,14 @@ case "${ACTION}" in fi print_title "Helm diff" + git fetch -a # checkout upstream + echo git checkout -b upstream_branch origin/"${UPSTREAM_BRANCH}" git checkout -b upstream_branch origin/"${UPSTREAM_BRANCH}" helm template "${CHART_DIR}" > /tmp/upstream_values.yaml # checkout current + echo git checkout -b current_branch origin/"${CURRENT_BRANCH}" git checkout -b current_branch origin/"${CURRENT_BRANCH}" helm template "${CHART_DIR}" > /tmp/current_values.yaml From feda721d7e225cb7b70d795905dd864d54f4cf84 Mon Sep 17 00:00:00 2001 From: rarchk Date: Tue, 24 Oct 2023 16:02:47 +0530 Subject: [PATCH 09/22] chart not present error handled --- main.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) 
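Review bot: The new `pre-commit` branch echoes the full `helm template` rendering of both branches to the job log and posts it as a pull-request comment, so any Secret or credential the chart renders from its values would presumably be published there. Consider dropping or redacting `kind: Secret` documents before building `COMMENT`, or posting only a summary. Separately, `SUCCESS=$?` is read after the `fi`, so it records the status of the `if` statement rather than of `dyff`; capture it immediately with `OUTPUT=$(dyff between "$up" "$cur" 2>&1); SUCCESS=$?`. The rendered files use fixed names under `/tmp`; `mktemp` would avoid collisions and pre-created files on a shared runner. The `case` statement starts and ends outside this hunk.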
diff --git a/main.sh b/main.sh index 19ad99d..9f69562 100755 --- a/main.sh +++ b/main.sh @@ -34,12 +34,22 @@ case "${ACTION}" in # checkout upstream echo git checkout -b upstream_branch origin/"${UPSTREAM_BRANCH}" git checkout -b upstream_branch origin/"${UPSTREAM_BRANCH}" - helm template "${CHART_DIR}" > /tmp/upstream_values.yaml + if [[ -f "${CHART_DIR}/chart.yaml" ]]; then + # chart does not exists + helm template "${CHART_DIR}" > /tmp/upstream_values.yaml + else + touch /tmp/upstream_values.yaml + fi # checkout current echo git checkout -b current_branch origin/"${CURRENT_BRANCH}" git checkout -b current_branch origin/"${CURRENT_BRANCH}" - helm template "${CHART_DIR}" > /tmp/current_values.yaml + if [[ -f "${CHART_DIR}/chart.yaml" ]]; then + # chart does not exists + helm template "${CHART_DIR}" > /tmp/current_values.yaml + else + touch /tmp/current_values.yaml + fi # Compute diff between two releases set +e From 0bdada798198c06ad256b7d3f7d889cf549810d2 Mon Sep 17 00:00:00 2001 From: rarchk Date: Tue, 24 Oct 2023 16:34:22 +0530 Subject: [PATCH 10/22] adding much simpler fixes. --- main.sh | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/main.sh b/main.sh index 9f69562..0c5c075 100755 --- a/main.sh +++ b/main.sh @@ -40,17 +40,21 @@ case "${ACTION}" in else touch /tmp/upstream_values.yaml fi + print_title "upstream values" + cat /tmp/upstream_values.yaml # checkout current echo git checkout -b current_branch origin/"${CURRENT_BRANCH}" git checkout -b current_branch origin/"${CURRENT_BRANCH}" if [[ -f "${CHART_DIR}/chart.yaml" ]]; then # chart does not exists + echo foo helm template "${CHART_DIR}" > /tmp/current_values.yaml else touch /tmp/current_values.yaml fi - + print_title "Current values" + cat /tmp/currernt_values.yaml # Compute diff between two releases set +e OUTPUT=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) 
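Review bot: Both new guards in patch 09 test `"${CHART_DIR}/chart.yaml"` in lower case, while Helm's chart file is `Chart.yaml`. On a case-sensitive filesystem the test is false on both branches, two empty files are compared, and the diff step passes without having rendered anything. Use `if [[ -f "${CHART_DIR}/Chart.yaml" ]]; then`. The comment `# chart does not exists` sits in the branch taken when the file exists and should move to the `else`. In patch 10, the added `cat /tmp/currernt_values.yaml` misspells the file name and would abort the run under `set -e`.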
@@ -70,10 +74,20 @@ case "${ACTION}" in \`\`\` " - PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body') - COMMENTS_URL=$(cat /github/workflow/event.json | jq -r .pull_request.comments_url) - echo "Commenting on PR $COMMENTS_URL" - curl -s -S -H "Authorization: token $GITHUB_TOKEN" --header "Content-Type: application/json" --data "$PAYLOAD" "$COMMENTS_URL" + set -x + cat << EOM > body.json + { + "body": "${COMMENT}" + } + EOM + cat body.json + ls -R /github + + curl --silent -X POST \ + --header 'content-type: application/json' \ + --header 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + "https://api.github.com/repos/${{ github.repository }}/issues/${GITHUB_PR_NUMBER}/comments" \ + --data "@body.json" exit $SUCCESS ;; "package") From 58008df57cc349482148343de649cc6f8328e355 Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 25 Oct 2023 11:00:42 +0530 Subject: [PATCH 11/22] adding lint and diff action separately --- README.md | 3 ++- main.sh | 45 +++++++++++++++++++-------------------------- 2 files changed, 21 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index d9815e2..7fd63f0 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,8 @@ _Note this action is written to specifically work with Helm repos in Artifactory `action` - `[package, test, publish]` -- `pre-commit` - Runs pre-commit checks on helm including linting, validation, tests, diff +- `lint` - Runs helm linter along with dependency build. +- `diff` - Runs helm diff using templates along with dependency build. - `package` - Involves helm client only and does dependency build, lint and package chart - `publish-artifactory` - Uses helm artifactory plugin to uploads the chart - `publish-chartmuseum` - Uses helm cm plugin to uploads the chart diff --git a/main.sh b/main.sh index 0c5c075..30f996e 100755 --- a/main.sh +++ b/main.sh 
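Review bot: `set -x` is switched on just before the `curl` call that carries the `Authorization` header and is never switched off, so once the header holds a real token every later command is traced with it; remove the trace and the `ls -R /github` debug line. The header value `'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}'` is single-quoted Actions expression syntax inside a shell script, which as far as this hunk shows would be sent literally. Use `--header "Authorization: Bearer ${GITHUB_TOKEN}"` with the token supplied through `env`. Writing `"body": "${COMMENT}"` through a heredoc places diff text in JSON unescaped, so quotes or newlines in the rendered chart break or reshape the payload; keep the encoder, `PAYLOAD=$(jq -n --arg body "$COMMENT" '{body: $body}')`. The literal `${{ ... }}` header recurs in the `main.sh` hunks of patches 11 and 12.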
@@ -17,19 +17,22 @@ get_chart_version install_dyff case "${ACTION}" in - "pre-commit") + "lint") print_title "Helm dependency build" helm dependency build "${CHART_DIR}" - print_title "Linting" + print_title "Helm Linting" if [[ -f "${CHART_DIR}/linter_values.yaml" ]]; then # allow for the same yaml layout that is used by gruntwork-io/pre-commit helmlint.sh helm lint -f "${CHART_DIR}/values.yaml" -f "${CHART_DIR}/linter_values.yaml" "${CHART_DIR}" else helm lint "${CHART_DIR}" fi - - print_title "Helm diff" + ;; + "diff") + print_title "Helm dependency build" + helm dependency build "${CHART_DIR}" + print_title "Computing Helm diff" git fetch -a # checkout upstream echo git checkout -b upstream_branch origin/"${UPSTREAM_BRANCH}" 
@@ -39,55 +42,45 @@ case "${ACTION}" in helm template "${CHART_DIR}" > /tmp/upstream_values.yaml else touch /tmp/upstream_values.yaml + printf "\x1B[31m ChartFileDoesNotExists: Will create empty template\n" fi - print_title "upstream values" - cat /tmp/upstream_values.yaml - # checkout current echo git checkout -b current_branch origin/"${CURRENT_BRANCH}" git checkout -b current_branch origin/"${CURRENT_BRANCH}" if [[ -f "${CHART_DIR}/chart.yaml" ]]; then # chart does not exists - echo foo helm template "${CHART_DIR}" > /tmp/current_values.yaml else touch /tmp/current_values.yaml + printf "\x1B[31m ChartFileDoesNotExists: Will create empty template\n" fi - print_title "Current values" - cat /tmp/currernt_values.yaml # Compute diff between two releases set +e - OUTPUT=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) + OUTPUT=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml -c on" 2>&1) + OUTPUT1=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) if [ $? -ge 2 ]; then - diff /tmp/upstream_values.yaml /tmp/current_values.yaml + OUTPUT=$(sh -c "diff --color /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) + OUTPUT1=$(sh -c "diff /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) fi SUCCESS=$? - echo "$OUTPUT" set -e # COMMENT STRUCTURE - COMMENT="#### \`helm diff \` Output + COMMENT="#### \`Computed Helm Diff\` Output
Details \`\`\` - $OUTPUT + $OUTPUT1 \`\`\`
" - - set -x - cat << EOM > body.json - { - "body": "${COMMENT}" - } - EOM - cat body.json - ls -R /github - + PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body') + echo -e '\033[1mComputed Helm Diff\033[0m' + printf "$OUTPUT" curl --silent -X POST \ --header 'content-type: application/json' \ --header 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ "https://api.github.com/repos/${{ github.repository }}/issues/${GITHUB_PR_NUMBER}/comments" \ - --data "@body.json" + --data "$PAYLOAD" exit $SUCCESS ;; "package") From be0b1cf27292ea207814bd90df03e970bea40b65 Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 25 Oct 2023 11:05:23 +0530 Subject: [PATCH 12/22] removing dependency of PR number from output. --- main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.sh b/main.sh index 30f996e..8d0845a 100755 --- a/main.sh +++ b/main.sh @@ -79,7 +79,7 @@ case "${ACTION}" in curl --silent -X POST \ --header 'content-type: application/json' \ --header 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ - "https://api.github.com/repos/${{ github.repository }}/issues/${GITHUB_PR_NUMBER}/comments" \ + "https://api.github.com/repos/${{ github.repository }}/issues/${{github.event.pull_request.number}}/comments" \ --data "$PAYLOAD" exit $SUCCESS ;; From 3b4654660e5ba04d0841e8e598699775e8f75e46 Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 25 Oct 2023 14:40:43 +0530 Subject: [PATCH 13/22] event export --- main.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/main.sh b/main.sh index 8d0845a..17b6a95 100755 --- a/main.sh +++ b/main.sh @@ -65,6 +65,9 @@ case "${ACTION}" in SUCCESS=$? set -e + echo -e '\033[1mComputed Helm Diff\033[0m' + printf "$OUTPUT" + # COMMENT STRUCTURE COMMENT="#### \`Computed Helm Diff\` Output
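Review bot: `printf "$OUTPUT"` in the new `diff` branch uses the diff text as the format string, so any `%` or backslash sequence in the rendered chart, which comes from the pull request under review, is interpreted by `printf` instead of being printed. Use `printf '%s\n' "$OUTPUT"`. The later `printf "$OUTPUT\n"` in patch 14 has the same issue. With `OUTPUT1` now assigned on the line before it, `if [ $? -ge 2 ]` tests only the second `dyff` run, and `SUCCESS=$?` after the `fi` still reflects the `if` statement; store the status right after the command it belongs to. The `case` branch continues outside this hunk.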
@@ -74,13 +77,15 @@ case "${ACTION}" in \`\`\`
" PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body') - echo -e '\033[1mComputed Helm Diff\033[0m' - printf "$OUTPUT" - curl --silent -X POST \ - --header 'content-type: application/json' \ - --header 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ - "https://api.github.com/repos/${{ github.repository }}/issues/${{github.event.pull_request.number}}/comments" \ - --data "$PAYLOAD" + # curl --silent -X POST \ + # --header 'content-type: application/json' \ + # --header 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + # "https://api.github.com/repos/${{ github.repository }}/issues/${{github.event.pull_request.number}}/comments" \ + # --data "$PAYLOAD" + + COMMENTS_URL=$(cat "$GITHUB_EVENT_PATH" | jq -r .pull_request.comments_url) + echo "Commenting on PR $COMMENTS_URL" + curl -s -S -H "Authorization: token $GITHUB_TOKEN" --header "Content-Type: application/json" --data "$PAYLOAD" "$COMMENTS_URL" exit $SUCCESS ;; "package") From df39c8d09e12ad402567506c16927c54ce0ddbd7 Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 25 Oct 2023 15:17:31 +0530 Subject: [PATCH 14/22] updated hlem checks. --- main.sh | 39 ++++++++++++++++++--------------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/main.sh b/main.sh index 17b6a95..b08a0c5 100755 --- a/main.sh +++ b/main.sh 
@@ -34,58 +34,55 @@ case "${ACTION}" in helm dependency build "${CHART_DIR}" print_title "Computing Helm diff" git fetch -a + + if [[ -f "${CHART_DIR}/Chart.yaml" ]]; then + helm template "${CHART_DIR}" > /tmp/current_values.yaml + else + ls "${CHART_DIR}" || true + touch /tmp/current_values.yaml + printf "\x1B[31m ChartFileDoesNotExists: Will create empty template\n" + fi + # checkout upstream echo git checkout -b upstream_branch origin/"${UPSTREAM_BRANCH}" git checkout -b upstream_branch origin/"${UPSTREAM_BRANCH}" - if [[ -f "${CHART_DIR}/chart.yaml" ]]; then + if [[ -f "${CHART_DIR}/Chart.yaml" ]]; then # chart does not exists helm template "${CHART_DIR}" > /tmp/upstream_values.yaml else + ls "${CHART_DIR}" || true touch /tmp/upstream_values.yaml printf "\x1B[31m ChartFileDoesNotExists: Will create empty template\n" fi - # checkout current - echo git checkout -b current_branch origin/"${CURRENT_BRANCH}" - git checkout -b current_branch origin/"${CURRENT_BRANCH}" - if [[ -f "${CHART_DIR}/chart.yaml" ]]; then - # chart does not exists - helm template "${CHART_DIR}" > /tmp/current_values.yaml - else - touch /tmp/current_values.yaml - printf "\x1B[31m ChartFileDoesNotExists: Will create empty template\n" - fi + # Compute diff between two releases set +e OUTPUT=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml -c on" 2>&1) OUTPUT1=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) if [ $? -ge 2 ]; then OUTPUT=$(sh -c "diff --color /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) - OUTPUT1=$(sh -c "diff /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) + OUTPUT1=$(sh -c "diff /tmp/ upstream_values.yaml /tmp/current_values.yaml" 2>&1) fi SUCCESS=$? set -e echo -e '\033[1mComputed Helm Diff\033[0m' - printf "$OUTPUT" + printf "$OUTPUT\n" # COMMENT STRUCTURE COMMENT="#### \`Computed Helm Diff\` Output
Details - \`\`\` $OUTPUT1 - \`\`\`
" PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body') - # curl --silent -X POST \ - # --header 'content-type: application/json' \ - # --header 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ - # "https://api.github.com/repos/${{ github.repository }}/issues/${{github.event.pull_request.number}}/comments" \ - # --data "$PAYLOAD" COMMENTS_URL=$(cat "$GITHUB_EVENT_PATH" | jq -r .pull_request.comments_url) echo "Commenting on PR $COMMENTS_URL" - curl -s -S -H "Authorization: token $GITHUB_TOKEN" --header "Content-Type: application/json" --data "$PAYLOAD" "$COMMENTS_URL" + curl --silent -X POST \ + --header 'content-type: application/json' \ + --header "Authorization: token $GITHUB_TOKEN" \ + --data "$PAYLOAD" "$COMMENTS_URL" exit $SUCCESS ;; "package") From 2718b4a04affe23b3373618b0b2ad894a9772fd5 Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 25 Oct 2023 15:18:04 +0530 Subject: [PATCH 15/22] updated hlem checks. --- main.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.sh b/main.sh index b08a0c5..2833622 100755 --- a/main.sh +++ b/main.sh @@ -34,7 +34,7 @@ case "${ACTION}" in helm dependency build "${CHART_DIR}" print_title "Computing Helm diff" git fetch -a - + if [[ -f "${CHART_DIR}/Chart.yaml" ]]; then helm template "${CHART_DIR}" > /tmp/current_values.yaml else @@ -54,7 +54,7 @@ case "${ACTION}" in touch /tmp/upstream_values.yaml printf "\x1B[31m ChartFileDoesNotExists: Will create empty template\n" fi - + # Compute diff between two releases set +e OUTPUT=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml -c on" 2>&1) From 1d7ece70676aef55b901385d4c81ec54bb8aa6b5 Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 25 Oct 2023 15:20:32 +0530 Subject: [PATCH 16/22] fixing typo --- main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.sh b/main.sh index 2833622..7a0203f 100755 --- a/main.sh +++ b/main.sh 
@@ -61,7 +61,7 @@ case "${ACTION}" in OUTPUT1=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) if [ $? -ge 2 ]; then OUTPUT=$(sh -c "diff --color /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) - OUTPUT1=$(sh -c "diff /tmp/ upstream_values.yaml /tmp/current_values.yaml" 2>&1) + OUTPUT1=$(sh -c "diff /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) fi SUCCESS=$? set -e From 5733053e0e15be9ebe4d8e09ecd0e4986b9c4dff Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 25 Oct 2023 16:16:16 +0530 Subject: [PATCH 17/22] adding non-failable differ --- main.sh | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/main.sh b/main.sh index 7a0203f..111440f 100755 --- a/main.sh +++ b/main.sh @@ -64,17 +64,15 @@ case "${ACTION}" in OUTPUT1=$(sh -c "diff /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) fi SUCCESS=$? - set -e - echo -e '\033[1mComputed Helm Diff\033[0m' printf "$OUTPUT\n" # COMMENT STRUCTURE COMMENT="#### \`Computed Helm Diff\` Output -
- Details - $OUTPUT1 -
" +
+Details +$OUTPUT1 +
" PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body') COMMENTS_URL=$(cat "$GITHUB_EVENT_PATH" | jq -r .pull_request.comments_url) @@ -82,8 +80,8 @@ case "${ACTION}" in curl --silent -X POST \ --header 'content-type: application/json' \ --header "Authorization: token $GITHUB_TOKEN" \ - --data "$PAYLOAD" "$COMMENTS_URL" - exit $SUCCESS + --data "$PAYLOAD" "$COMMENTS_URL" > /dev/null + exit 0 ;; "package") print_title "Helm dependency build" From 4e3adbb832b588e41305f868ba77758b490b5f52 Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 25 Oct 2023 17:53:16 +0530 Subject: [PATCH 18/22] updating generalized helm differ --- README.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ main.sh | 9 +++++++-- 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7fd63f0..ef05a4f 100644 --- a/README.md +++ b/README.md 
@@ -167,3 +167,48 @@ jobs: ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_HELM_USERNAME }} ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_HELM_PASSWORD }} ``` + +## Diff as a template +Diff can be used to compute differences between complex helm distributions + +```mermaid +graph TD +subgraph ComplexHelmDistributions +HelmFile --> ListOfHelmCharts +CustomRelease --> ListOfHelmCharts +end + +subgraph CD_Workflows +ArgoCDApplication --> HelmChart +end +subgraph HELM_Repos +B[HelmChart] +end + +CD_Workflows --> D +ComplexHelmDistributions -.-> D +ComplexHelmDistributions -.-> D +ComplexHelmDistributions -.-> D +HELM_Repos --> D +D[[Diff Action Template]] +D --> C(fa:fa-genderless) +``` +### Algorithm +1. We would need previous and next version +2. We would need access to remote chart repository +3. We can use this command to generate templates locally and remotely +4. We take following inputs + 1. previous version + 2. current version[optional] or can be generated locally + +```bash +# local templating +helm template .tgz -f values.yaml + +# remote templating +helm template /chart_name --version 1.17.1 -f values.yaml + +# search for all versions +helm search repo /chart_name --versions +``` +4. Diff it diff --git a/main.sh b/main.sh index 111440f..8d7f2d0 100755 --- a/main.sh +++ b/main.sh @@ -60,8 +60,8 @@ case "${ACTION}" in OUTPUT=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml -c on" 2>&1) OUTPUT1=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) if [ $? -ge 2 ]; then - OUTPUT=$(sh -c "diff --color /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) - OUTPUT1=$(sh -c "diff /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) + OUTPUT=$(sh -c "diff -u --color /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) + OUTPUT1=$(sh -c "diff -u /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) fi SUCCESS=$? echo -e '\033[1mComputed Helm Diff\033[0m' 
@@ -71,7 +71,12 @@ case "${ACTION}" in COMMENT="#### \`Computed Helm Diff\` Output
Details + + +```bash $OUTPUT1 +``` +
" PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body') From 76d59fdf943b9ea049304d0371e7cc61082986c3 Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 25 Oct 2023 18:05:19 +0530 Subject: [PATCH 19/22] undo -u changes --- main.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.sh b/main.sh index 8d7f2d0..45d1a56 100755 --- a/main.sh +++ b/main.sh @@ -60,8 +60,8 @@ case "${ACTION}" in OUTPUT=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml -c on" 2>&1) OUTPUT1=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) if [ $? -ge 2 ]; then - OUTPUT=$(sh -c "diff -u --color /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) - OUTPUT1=$(sh -c "diff -u /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) + OUTPUT=$(sh -c "diff --color /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) + OUTPUT1=$(sh -c "diff /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) fi SUCCESS=$? echo -e '\033[1mComputed Helm Diff\033[0m' From f0a8f395a0f3d91ca653741d70371e33aec3821b Mon Sep 17 00:00:00 2001 From: rarchk Date: Wed, 25 Oct 2023 18:09:14 +0530 Subject: [PATCH 20/22] undo -u changes --- main.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.sh b/main.sh index 45d1a56..356d5a1 100755 --- a/main.sh +++ b/main.sh @@ -73,9 +73,9 @@ case "${ACTION}" in Details -```bash +\`\`\`bash $OUTPUT1 -``` +\`\`\` " PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body') From 1ace031af02ac234df93a2c6f21c3d2a4f6eb256 Mon Sep 17 00:00:00 2001 
From: Ronak Kogta Date: Sat, 6 Jan 2024 17:33:00 +0530 Subject: [PATCH 21/22] Enable audit and diff features (#12) * Adding audit code * removing typo. * adding binary path * adding more values * Updating ark support. * update helm version * update polaris version * updated serverless chart naming conventions * moving away from git fetch workflow * removing version of arkade * Changed helm diff logic * updating README --------- Co-authored-by: rarchk --- README.md | 49 ++++++++++++++++++++++++-- common.sh | 82 ++++++++++++++++++++++++++++++++++++++----- main.sh | 102 +++++++++++++++++++++++++++--------------------------- 3 files changed, 172 insertions(+), 61 deletions(-) diff --git a/README.md b/README.md index ef05a4f..db4f428 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ _Note this action is written to specifically work with Helm repos in Artifactory - `lint` - Runs helm linter along with dependency build. - `diff` - Runs helm diff using templates along with dependency build. +- `audit` - Runs audit on helm files - `package` - Involves helm client only and does dependency build, lint and package chart - `publish-artifactory` - Uses helm artifactory plugin to uploads the chart - `publish-chartmuseum` - Uses helm cm plugin to uploads the chart @@ -84,7 +85,7 @@ DEBUG: # If defined will set debug in shell script. Never use `main` branch in your github workflows! ```yaml -name: Helm lint, test, package and publish +name: Helm lint, test, package, publish, audit, diff on: pull_request @@ -158,7 +159,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: "Helm publish artifactory" - uses: rarchk/action-helm-tools@v1.1.0 + uses: rarchk/action-helm-tools@v1.2.0 with: action: "publish-chartmuseum" env: 
@@ -212,3 +213,47 @@ helm template /chart_name --version 1.17.1 -f values.yaml helm search repo /chart_name --versions ``` 4. Diff it + + +### Workflow Example +```yaml + - run: sh -c "sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq" + name: setup yq + + - name: Get upstream chart version + id: lookupChartVersion + run: | + sh -c "echo result=$(git fetch -a; git show origin/${{ steps.branch-name.outputs.base_ref_branch }}:${{ matrix.dir }}/Chart.yaml | yq .version) >> $GITHUB_OUTPUT" + + - name: Get upstream chart name + id: lookupChartName + run: | + sh -c "echo result=$(yq .name < ${{ matrix.dir }}/Chart.yaml) >> $GITHUB_OUTPUT" + + + - name: "Helm diff" + id: diff + uses: rarchk/action-helm-tools@v1.2.0 + env: + ACTION: "diff" + FROM_CHART: "${{ steps.lookupChartVersion.outputs.result }}" + TO_CHART: "" + CHART_DIR: "${{ matrix.dir }}" #In case TO_CHART is not available + CHART_NAME: "${{ steps.lookupChartName.outputs.result }}" + OPTIONAL_VALUES: "app.ingress.enabled=false" + ARTIFACTORY_URL: "" + ARTIFACTORY_USERNAME: "" + ARTIFACTORY_PASSWORD: "" + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" +``` + +## Audit example +It statically audits k8s resources +```yaml + - name: "Helm audit" + uses: rarchk/action-helm-tools@v1.2.0 + env: + ACTION: "audit" + CHART_DIR: "${{ matrix.dir }}" + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" +``` diff --git a/common.sh b/common.sh index 30e20a2..efd9f2d 100755 --- a/common.sh +++ b/common.sh 
@@ -1,13 +1,16 @@ #!/bin/bash -l set -eo pipefail -export HELM_VERSION=${HELM_VERSION:="3.5.1"} -export KUBECTL_VERSION=${KUBECTL_VERSION:="1.21.0"} +export HELM_VERSION=${HELM_VERSION:="v3.13.3"} +export KUBECTL_VERSION=${KUBECTL_VERSION:="v1.28.0"} export HELM_ARTIFACTORY_PLUGIN_VERSION=${HELM_ARTIFACTORY_PLUGIN_VERSION:="v1.0.2"} export HELM_CHARTMUSEUM_PLUGIN_VERSION=${HELM_CHARTMUSEUM_PLUGIN_VERSION:="0.10.3"} export CHART_VERSION=${CHART_VERSION:=""} export CHART_APP_VERSION=${CHART_APP_VERSION:=""} export DYFF_VERSION=${DYFF_VERSION:="1.6.0"} +export YQ_VERSION=${YQ_VERSION:="v4.40.5"} +export POLARIS_VERSION=${POLARIS_VERSION:="8.5.3"} +export KUBE_SCORE_VERSION=${KUBE_SCORE_VERSION:="1.17.0"} export GCLOUD_PROJECT_CHECK=${GCLOUD_PROJECT_CHECK:="true"} @@ -49,10 +52,9 @@ get_chart_version(){ } get_helm() { - print_title "Get helm:${HELM_VERSION}" - curl -L "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | tar xvz - chmod +x linux-amd64/helm - sudo mv linux-amd64/helm /usr/local/bin/helm + print_title "Installing helm:${HELM_VERSION}" + ark get helm --version "${HELM_VERSION}" --quiet + helm version --short -c } install_helm() { @@ -82,7 +84,7 @@ install_cmpush_plugin(){ remove_helm(){ helm plugin uninstall push-artifactory helm plugin uninstall cm-push - sudo rm -rf /usr/local/bin/helm + # sudo rm -rf /usr/local/bin/helm } function version { 
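Review bot: `get_helm` now fetches helm with `ark get helm --version "${HELM_VERSION}" --quiet`, so the integrity of the helm binary depends on arkade, and `install_ark` (added in the next hunk of this file) installs arkade with `curl -sLS https://get.arkade.dev | sudo sh`, an unpinned script run as root with no version or checksum. The kube-score download in `install_polaris` (same later hunk) is likewise piped from `curl -L` into `tar` without verification. I would pin an arkade release alongside the other `*_VERSION` exports, download that release asset directly, and check it before installing, e.g. `echo "${ARKADE_SHA256}  arkade" | sha256sum --check` (`ARKADE_SHA256` is a placeholder, not a value from this page). The same check applies to the kube-score tarball.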
@@ -108,8 +110,72 @@ install_dyff() { } get_dyff() { - print_title "Get dyff:${DYFF_VERSION}" + print_title "Installing dyff:${DYFF_VERSION}" curl -L "https://github.com/homeport/dyff/releases/download/v${DYFF_VERSION}/dyff_${DYFF_VERSION}_linux_amd64.tar.gz" | tar xvz chmod +x dyff sudo mv dyff /usr/local/bin/dyff } + +install_polaris() { + if ! command -v polaris; then + print_title "Installing polaris:${POLARIS_VERSION}" + ark get polaris --version "${POLARIS_VERSION}" --quiet + fi + polaris version + if ! command -v kube-score; then + print_title "Installing kube-score:${POLARIS_VERSION}" + curl -L "https://github.com/zegl/kube-score/releases/download/v${KUBE_SCORE_VERSION}/kube-score_${KUBE_SCORE_VERSION}_linux_amd64.tar.gz" | tar xvz + chmod +x kube-score + sudo mv kube-score /usr/local/bin/kube-score + fi + kube-score version +} + +install_yq() { + if ! command -v yq; then + print_title "Installing yq:${YQ_VERSION}" + ark get yq --version "${YQ_VERSION}" --quiet + fi + yq --version +} + +install_ark() { + if ! command -v ark; then + echo "ark is missing" + curl -sLS https://get.arkade.dev | sudo sh + fi + export PATH=$PATH:$HOME/.arkade/bin/ +} + +remove_ark() { + rm -f $HOME/.arkade/bin/* +} + +safe_exec(){ + start=$(date +%s) + $@ + end=$(date +%s) + echo "Elapsed time for executing $@: $(($end-$start)) seconds" +} + +send_github_comments() { + if [[ -z "${2}" ]]; then + printf "No data passed. Skipping posting comments" + exit 0 + fi + COMMENT="#### $1 Output +
+Details + +$2 +
" + + PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body') + COMMENTS_URL=$(cat "$GITHUB_EVENT_PATH" | jq -r .pull_request.comments_url) + echo "Commenting on PR $COMMENTS_URL" + curl --silent -X POST \ + --header 'content-type: application/json' \ + --header "Authorization: token $GITHUB_TOKEN" \ + --data "$PAYLOAD" "$COMMENTS_URL" > /dev/null + exit 0 +} \ No newline at end of file diff --git a/main.sh b/main.sh index 356d5a1..cb214d9 100755 --- a/main.sh +++ b/main.sh @@ -10,12 +10,11 @@ SCRIPT_DIR=$(dirname -- "$(readlink -f "${BASH_SOURCE[0]}" || realpath "${BASH_S export SCRIPT_DIR source "$SCRIPT_DIR/common.sh" +install_ark install_helm install_artifactory_plugin install_cmpush_plugin get_chart_version -install_dyff - case "${ACTION}" in "lint") print_title "Helm dependency build" 
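Review bot: `safe_exec` echoes its full argument list in the `Elapsed time for executing $@` line, and the `diff` branch of main.sh in this commit calls it as `safe_exec helm repo add upstream-helm-repo ... --password "${ARTIFACTORY_PASSWORD}"`, so the repository password is written to the job log. Log masking, where it applies, should not be the only protection. The bare `$@` on the execution line also re-splits any argument that contains spaces. I would run the command as `"$@"`, log only the command name with `echo "Elapsed time for executing $1: $((end-start)) seconds"`, and pass the password at the call site with `--password-stdin` rather than on the command line. Separately, the kube-score title in `install_polaris` prints `${POLARIS_VERSION}` where `${KUBE_SCORE_VERSION}` is meant.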
@@ -28,65 +27,65 @@ case "${ACTION}" in else helm lint "${CHART_DIR}" fi + ;; + "audit") + install_polaris + print_title "Helm dependency build" + helm dependency build "${CHART_DIR}" + + print_title "Helm audit" + polaris audit --helm-chart "${CHART_DIR}" --helm-values "${CHART_DIR}/values.yaml" --format=pretty --quiet + + send_github_comments "Computed Audit for ${CHART_DIR}" "$(helm template ${CHART_DIR} -f ${CHART_DIR}/values.yaml | kube-score score -)" + ;; "diff") + install_dyff print_title "Helm dependency build" helm dependency build "${CHART_DIR}" print_title "Computing Helm diff" - git fetch -a - if [[ -f "${CHART_DIR}/Chart.yaml" ]]; then - helm template "${CHART_DIR}" > /tmp/current_values.yaml + # Setup repo + safe_exec helm repo add upstream-helm-repo "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" + safe_exec helm repo update upstream-helm-repo + + # Fetch from chart + if [[ -z "${FROM_CHART}" ]]; then + touch /tmp/upstream_values.yaml + printf "\x1B[31m FROM_CHART: Will create empty template\n" else - ls "${CHART_DIR}" || true - touch /tmp/current_values.yaml - printf "\x1B[31m ChartFileDoesNotExists: Will create empty template\n" + helm fetch "upstream-helm-repo/${CHART_NAME}" --version "${FROM_CHART}" --debug + if [[ -z "${OPTIONAL_VALUES}" ]]; then + helm template "${CHART_NAME}-${FROM_CHART}.tgz" -f "${CHART_DIR}/values.yaml" > /tmp/upstream_values.yaml + else + helm template "${CHART_NAME}-${FROM_CHART}.tgz" -f "${CHART_DIR}/values.yaml" --set "${OPTIONAL_VALUES}" > /tmp/upstream_values.yaml + fi fi - # checkout upstream - echo git checkout -b upstream_branch origin/"${UPSTREAM_BRANCH}" - git checkout -b upstream_branch origin/"${UPSTREAM_BRANCH}" - if [[ -f "${CHART_DIR}/Chart.yaml" ]]; then - # chart does not exists - helm template "${CHART_DIR}" > /tmp/upstream_values.yaml + ## Fecth To chart + if [[ -z "${TO_CHART}" ]]; then + if [[ -f "${CHART_DIR}/Chart.yaml" ]]; then + if [[ -z 
"${OPTIONAL_VALUES}" ]]; then + helm template "${CHART_DIR}" -f "${CHART_DIR}/values.yaml" > /tmp/current_values.yaml + else + helm template "${CHART_DIR}" -f "${CHART_DIR}/values.yaml" --set "${OPTIONAL_VALUES}" > /tmp/current_values.yaml + fi + else + touch /tmp/current_values.yaml + printf "\x1B[31m FROM_CHART: Will create empty template\n" + fi else - ls "${CHART_DIR}" || true - touch /tmp/upstream_values.yaml - printf "\x1B[31m ChartFileDoesNotExists: Will create empty template\n" + helm fetch "upstream-helm-repo/${CHART_NAME}" --version "${TO_CHART}" --debug + if [[ -z "${OPTIONAL_VALUES}" ]]; then + helm template "${CHART_NAME}-${TO_CHART}.tgz" -f "${CHART_DIR}/values.yaml" > /tmp/current_values.yaml + else + helm template "${CHART_NAME}-${TO_CHART}.tgz" -f "${CHART_DIR}/values.yaml" --set "${OPTIONAL_VALUES}" > /tmp/current_values.yaml + fi fi - # Compute diff between two releases - set +e - OUTPUT=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml -c on" 2>&1) - OUTPUT1=$(sh -c "dyff between /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) - if [ $? -ge 2 ]; then - OUTPUT=$(sh -c "diff --color /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) - OUTPUT1=$(sh -c "diff /tmp/upstream_values.yaml /tmp/current_values.yaml" 2>&1) - fi - SUCCESS=$? - echo -e '\033[1mComputed Helm Diff\033[0m' - printf "$OUTPUT\n" - - # COMMENT STRUCTURE - COMMENT="#### \`Computed Helm Diff\` Output -
-Details - - -\`\`\`bash -$OUTPUT1 -\`\`\` - -
" - PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body') - - COMMENTS_URL=$(cat "$GITHUB_EVENT_PATH" | jq -r .pull_request.comments_url) - echo "Commenting on PR $COMMENTS_URL" - curl --silent -X POST \ - --header 'content-type: application/json' \ - --header "Authorization: token $GITHUB_TOKEN" \ - --data "$PAYLOAD" "$COMMENTS_URL" > /dev/null - exit 0 + dyff between -i /tmp/upstream_values.yaml /tmp/current_values.yaml + send_github_comments "Computed Helm Diff for ${CHART_DIR}" "$(dyff between -i --omit-header /tmp/upstream_values.yaml /tmp/current_values.yaml)" + ;; "package") print_title "Helm dependency build" @@ -109,8 +108,8 @@ $OUTPUT1 ;; "publish-chartmuseum") print_title "Push chart to chartmuseum" - helm repo add amagi-charts "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" - helm cm-push "${CHART_DIR}" amagi-charts || true + helm repo add upstream-helm-repo "${ARTIFACTORY_URL}" --username "${ARTIFACTORY_USERNAME}" --password "${ARTIFACTORY_PASSWORD}" + helm cm-push "${CHART_DIR}" upstream-helm-repo || true ;; "publish-gar") print_title "Push chart on OCI registry" @@ -173,3 +172,4 @@ $OUTPUT1 esac remove_helm +remove_ark From 78d27e740110c40d6ebe6c7a53e5ce2b681223bb Mon Sep 17 00:00:00 2001 From: rarchk Date: Sun, 7 Jan 2024 17:20:49 +0530 Subject: [PATCH 22/22] Removed helm chart version dependency to package contruct --- main.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.sh b/main.sh index cb214d9..aff88b6 100755 --- a/main.sh +++ b/main.sh @@ -14,7 +14,6 @@ install_ark install_helm install_artifactory_plugin install_cmpush_plugin -get_chart_version case "${ACTION}" in "lint") print_title "Helm dependency build" 
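Review bot: In the `audit` branch the command substitution `$(helm template ${CHART_DIR} -f ${CHART_DIR}/values.yaml | kube-score score -)` expands `CHART_DIR` unquoted, unlike every other use in this hunk, so a path with spaces or glob characters is split or expanded before helm sees it. It should read `helm template "${CHART_DIR}" -f "${CHART_DIR}/values.yaml"`. In the `diff` branch, the fallback for a missing `Chart.yaml` when `TO_CHART` is empty prints `FROM_CHART: Will create empty template`, which looks copied from the block above and should name `TO_CHART`. The enclosing `case` statement starts and ends outside the hunk.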
@@ -35,7 +34,7 @@ case "${ACTION}" in print_title "Helm audit" polaris audit --helm-chart "${CHART_DIR}" --helm-values "${CHART_DIR}/values.yaml" --format=pretty --quiet - + send_github_comments "Computed Audit for ${CHART_DIR}" "$(helm template ${CHART_DIR} -f ${CHART_DIR}/values.yaml | kube-score score -)" ;; @@ -69,7 +68,7 @@ case "${ACTION}" in helm template "${CHART_DIR}" -f "${CHART_DIR}/values.yaml" > /tmp/current_values.yaml else helm template "${CHART_DIR}" -f "${CHART_DIR}/values.yaml" --set "${OPTIONAL_VALUES}" > /tmp/current_values.yaml - fi + fi else touch /tmp/current_values.yaml printf "\x1B[31m FROM_CHART: Will create empty template\n" @@ -89,6 +88,7 @@ case "${ACTION}" in ;; "package") print_title "Helm dependency build" + get_chart_version helm dependency build "${CHART_DIR}" print_title "Linting"
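Review bot: `get_chart_version` is now called only inside the `package` branch, so any other branch that still reads `${CHART_VERSION}` will presumably see the empty default exported in common.sh (`CHART_VERSION:=""`). The first patch in this series passes `--version "${CHART_VERSION}"` in `publish-artifactory`; whether that line survives at this commit is not visible in these hunks. It is worth checking the publish branches and calling `get_chart_version` in each one that depends on the value. A short comment above the call, such as `# CHART_VERSION is only resolved for packaging`, would record the intent.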